APPLE-SA-11-03-2025-2 macOS Tahoe 26.1
Posted on 04 November 2025
Apple Security-announce
macOS Tahoe 26.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125634.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Admin Framework
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved checks.
CVE-2025-43471: Gergely Kalman (@gergely_kalman)
Admin Framework
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved checks.
CVE-2025-43322: Ryan Dowd (@_rdowd)
Apple Account
Available for: macOS Tahoe
Impact: A malicious app may be able to take a screenshot of sensitive
information in embedded views
Description: A privacy issue was addressed with improved checks.
CVE-2025-43455: Ron Masas of BreakPoint.SH, Pinak Oza
Apple Neural Engine
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43447: an anonymous researcher
CVE-2025-43462: an anonymous researcher
AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2025-43390: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An injection issue was addressed with improved validation.
CVE-2025-43388: Mickey Jin (@patch1t)
CVE-2025-43466: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2025-43382: Gergely Kalman (@gergely_kalman)
AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2025-43468: Mickey Jin (@patch1t)
AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43379: Gergely Kalman (@gergely_kalman)
AppleMobileFileIntegrity
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43378: an anonymous researcher
ASP TCP
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory
management.
CVE-2025-43478: Joseph Ravichandran (@0xjprx) of MIT CSAIL, Dave G.
(supernetworks.org)
Assets
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved entitlements.
CVE-2025-43407: JZ
Assets
Available for: macOS Tahoe
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43446: Zhongcheng Li from IES Red Team of ByteDance
ATS
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2025-43465: an anonymous researcher
Audio
Available for: macOS Tahoe
Impact: An attacker with physical access to an unlocked device paired
with a Mac may be able to view sensitive user information in system
logging
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43423: Duy Trần (@khanhduytran0)
BackBoardServices
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-43497: an anonymous researcher
bootp
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved handling of
symlinks.
CVE-2025-43394: Csaba Fitzl (@theevilbit) of Kandji
CloudKit
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43448: Hikerell (Loadshine Lab)
configd
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved handling of
symlinks.
CVE-2025-43395: Csaba Fitzl (@theevilbit) of Kandji
configd
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43461: Csaba Fitzl (@theevilbit) of Kandji
Contacts
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43426: Wojciech Regula of SecuRing (wojciechregula.blog)
CoreAnimation
Available for: macOS Tahoe
Impact: A remote attacker may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2025-43401: 이동하 (Lee Dong Ha of BoB 14th), wac working with Trend
Micro Zero Day Initiative
CoreServices
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43479: an anonymous researcher
CoreServices
Available for: macOS Tahoe
Impact: An app may be able to enumerate a user's installed apps
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43436: Zhongcheng Li from IES Red Team of ByteDance
CoreServicesUIAgent
Available for: macOS Tahoe
Impact: A malicious app may be able to delete protected user data
Description: This issue was addressed with improved handling of
symlinks.
CVE-2025-43381: Mickey Jin (@patch1t)
CoreText
Available for: macOS Tahoe
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
Disk Images
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2025-43481: Adwiteeya Agrawal, Mickey Jin (@patch1t), Kenneth Chew,
an anonymous researcher
DiskArbitration
Available for: macOS Tahoe
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43387: an anonymous researcher
Dock
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with improved state
handling.
CVE-2025-43420: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova
dyld
Available for: macOS Tahoe
Impact: Visiting a website may lead to an app denial-of-service
Description: A denial-of-service issue was addressed with improved input
validation.
CVE-2025-43464: Duy Trần (@khanhduytran0), @EthanArbuckle
FileProvider
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state
management.
CVE-2025-43498: pattern-f (@pattern_F_)
Find My
Available for: macOS Tahoe
Impact: An app may be able to fingerprint the user
Description: A privacy issue was addressed by moving sensitive data.
CVE-2025-43507: iisBuri
Finder
Available for: macOS Tahoe
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2025-43348: Ferdous Saljooki (@malwarezoo) of Jamf
GPU Drivers
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or
read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43474: Murray Mike
Installer
Available for: macOS Tahoe
Impact: A sandboxed app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2025-43396: an anonymous researcher
Installer
Available for: macOS Tahoe
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43444: Zhongcheng Li from IES Red Team of ByteDance
Installer
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2025-43467: Mickey Jin (@patch1t)
Kernel
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43398: Cristian Dinca (icmd.tech)
libxpc
Available for: macOS Tahoe
Impact: A sandboxed app may be able to observe system-wide network
connections
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-43413: Dave G. and Alex Radocea of supernetworks.org
Mail Drafts
Available for: macOS Tahoe
Impact: Remote content may be loaded even when the 'Load Remote Images'
setting is turned off
Description: The issue was addressed by adding additional logic.
CVE-2025-43496: Romain Lebesle, Himanshu Bharti @Xpl0itme From Khatima
Model I/O
Available for: macOS Tahoe
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2025-43386: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
CVE-2025-43385: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
CVE-2025-43384: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
CVE-2025-43383: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
Model I/O
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2025-43377: BynarIO AI (bynar.io)
Multi-Touch
Available for: macOS Tahoe
Impact: A malicious HID device may cause an unexpected process crash
Description: The issue was addressed with improved bounds checks.
CVE-2025-43424: Google Threat Analysis Group
NetFSFramework
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A race condition was addressed with additional validation.
CVE-2025-43364: Csaba Fitzl (@theevilbit) of Kandji
Networking
Available for: macOS Tahoe
Impact: iCloud Private Relay may not activate when more than one user is
logged in at the same time
Description: A logic error was addressed with improved error handling.
CVE-2025-43506: Doug Hogan
Notes
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed by removing the vulnerable
code.
CVE-2025-43389: Kirin (@Pwnrin)
NSSpellChecker
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43469: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43411: an anonymous researcher
Photos
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional sandbox
restrictions.
CVE-2025-43405: an anonymous researcher
Photos
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of
temporary files.
CVE-2025-43391: Asaf Cohen
quarantine
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional sandbox
restrictions.
CVE-2025-43393: an anonymous researcher
Ruby
Available for: macOS Tahoe
Impact: Multiple issues in ruby
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-43398
CVE-2024-49761
CVE-2025-6442
Safari
Available for: macOS Tahoe
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved checks.
CVE-2025-43493: @RenwaX23
Safari
Available for: macOS Tahoe
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2025-43503: @RenwaX23
Safari
Available for: macOS Tahoe
Impact: An app may be able to bypass certain Privacy preferences
Description: A privacy issue was addressed by removing sensitive data.
CVE-2025-43502: an anonymous researcher
Sandbox
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A logic issue was addressed with improved restrictions.
CVE-2025-43406: Zhongquan Li (@Guluisacat)
Sandbox
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional sandbox
restrictions.
CVE-2025-43404: Zhongquan Li (@Guluisacat)
Sandbox Profiles
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of
user preferences.
CVE-2025-43500: Stanislav Jelezoglo
Security
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed by adding additional logic.
CVE-2025-43335: Csaba Fitzl (@theevilbit) of Kandji
Share Sheet
Available for: macOS Tahoe
Impact: An attacker with physical access may be able to access contacts
from the lock screen
Description: This issue was addressed by restricting options offered on
a locked device.
CVE-2025-43408: Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ
BSF Kashmir
SharedFileList
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43476: Mickey Jin (@patch1t)
Shortcuts
Available for: macOS Tahoe
Impact: A shortcut may be able to access files that are normally
inaccessible to the Shortcuts app
Description: A permissions issue was addressed with improved validation.
CVE-2025-30465: an anonymous researcher
CVE-2025-43414: an anonymous researcher
Shortcuts
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved state management.
CVE-2025-43473: Kirin (@Pwnrin)
Shortcuts
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43499: an anonymous researcher
sips
Available for: macOS Tahoe
Impact: Parsing a file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2025-43380: Nikolai Skliarenko of Trend Micro Zero Day Initiative
Siri
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2025-43477: Kirin (@Pwnrin)
Siri
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2025-43399: Cristian Dinca (icmd.tech), Kirin (@Pwnrin)
SoftwareUpdate
Available for: macOS Tahoe
Impact: An app with root privileges may be able to access private
information
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43336: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova
SoftwareUpdate
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: A permissions issue was addressed by removing the
vulnerable code.
CVE-2025-43397: Csaba Fitzl (@theevilbit) of Kandji
Spotlight
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional sandbox
restrictions.
CVE-2025-43409: an anonymous researcher, Kirin (@Pwnrin), Jonathan Bar
Or (@yo_yo_yo_jbo) of Microsoft
StorageKit
Available for: macOS Tahoe
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43351: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova
StorageKit
Available for: macOS Tahoe
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2025-43463: Amy (@asentientbot), Mickey Jin (@patch1t)
sudo
Available for: macOS Tahoe
Impact: In certain configurations, an attacker with host-limited sudo
access may be able to elevate privileges
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-32462
sudo
Available for: macOS Tahoe
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43334: Gergely Kalman (@gergely_kalman)
TCC
Available for: macOS Tahoe
Impact: An app may be able to break out of its sandbox
Description: A file quarantine bypass was addressed with additional
checks.
CVE-2025-43412: Mickey Jin (@patch1t)
Vim
Available for: macOS Tahoe
Impact: A path handling issue was addressed with improved validation
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-53906
WebKit
Available for: macOS Tahoe
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 276208
CVE-2025-43480: Aleksejs Popovs
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 296693
CVE-2025-43458: Phil Beauvoir
WebKit Bugzilla: 298196
CVE-2025-43430: Google Big Sleep
WebKit Bugzilla: 298628
CVE-2025-43427: Gary Kwong, rheza (@ginggilBesel)
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 299843
CVE-2025-43443: an anonymous researcher
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298496
CVE-2025-43441: rheza (@ginggilBesel)
WebKit Bugzilla: 299391
CVE-2025-43435: Justin Cohen of Google
WebKit Bugzilla: 298851
CVE-2025-43425: an anonymous researcher
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 298126
CVE-2025-43440: Nan Wang (@eternalsakura13)
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 297662
CVE-2025-43438: shandikri working with Trend Micro Zero Day Initiative
WebKit Bugzilla: 298606
CVE-2025-43457: Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro
Zero Day Initiative
WebKit Bugzilla: 297958
CVE-2025-43434: Google Big Sleep
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to memory
corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298093
CVE-2025-43433: Google Big Sleep
WebKit Bugzilla: 298194
CVE-2025-43431: Google Big Sleep
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 299313
CVE-2025-43432: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A buffer overflow was addressed with improved bounds
checking.
WebKit Bugzilla: 298232
CVE-2025-43429: Google Big Sleep
WebKit
Available for: macOS Tahoe
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: Multiple issues were addressed by disabling array
allocation sinking.
WebKit Bugzilla: 300718
CVE-2025-43421: Nan Wang (@eternalsakura13)
WebKit Canvas
Available for: macOS Tahoe
Impact: A website may exfiltrate image data cross-origin
Description: The issue was addressed with improved handling of caches.
WebKit Bugzilla: 297566
CVE-2025-43392: Tom Van Goethem
Wi-Fi
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43373: Wang Yu of Cyberserval
WindowServer
Available for: macOS Tahoe
Impact: An app may be able to cause unexpected system termination or
corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43402: @cloudlldb of @pixiepointsec
zsh
Available for: macOS Tahoe
Impact: An app may be able to gain root privileges
Description: A validation issue was addressed with improved input
sanitization.
Additional recognition
CoreGraphics
We would like to acknowledge Vincent Heinen for their assistance.
We would like to acknowledge an anonymous researcher for their
assistance.
MobileInstallation
We would like to acknowledge Bubble Zhang for their assistance.
Reminders
We would like to acknowledge IES Red Team of ByteDance for their
assistance.
Safari
We would like to acknowledge Barath Stalin K for their assistance.
Safari Downloads
We would like to acknowledge Saello Puza for their assistance.
Security
We would like to acknowledge JC Alvarado for their assistance.
Shortcuts
We would like to acknowledge BanKai, Benjamin Hornbeck, Chi Yuan Chang
of ZUSO ART and taikosoup, Ryan May, Andrew James Gonzalez, and an
anonymous researcher for their assistance.
sips
We would like to acknowledge Nabih Benazzouz From Fuzzinglabs, Patrick
Ventuzelo From Fuzzinglabs for their assistance.
Terminal
We would like to acknowledge Johann Rehberger for their assistance.
WebKit
We would like to acknowledge Enis Maholli (enismaholli.com), Google Big
Sleep for their assistance.
WindowServer
We would like to acknowledge @cloudlldb of @pixiepointsec for their
assistance.
macOS Tahoe 26.1 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
